| 发明名称 | Visualization of access permission status | ||
| 摘要 | Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables results can be obtained without exhaustive searches of large file system tables. | ||
| 申请公布号 | US8881232(B2) | 申请公布日期 | 2014.11.04 |
| 申请号 | US201313887875 | 申请日期 | 2013.05.06 |
| 申请人 | Varonis Systems Inc. | 发明人 | Faitelson Yakov;Korkus Ohad;Kretzer Ophir |
| 分类号 | G06F17/30;G06F21/62 | 主分类号 | G06F17/30 |
| 代理机构 | Fish & Richardson P.C. | 代理人 | Fish & Richardson P.C. |
| 主权项 | 1. A method for indicating data access privilege status for data in an enterprise, the method comprising: defining user groups offering common rights of access to a plurality of file servers, said file servers being organized as a hierarchy of storage elements having ancestors, said storage elements comprising nondistinctive storage elements that have only inherited access permissions that are inherited from one of said ancestors thereof, and distinctive storage elements that have at least non-inherited access permissions; maintaining a storage element permissions database containing only said non-inherited access permissions for said distinctive storage elements, and an inheritance indicator employing at least partially identical permission profiles that identifies other said distinctive storage elements that are ancestral thereto in said hierarchy thereby to reduce data storage requirements; consulting said storage element permissions database to ascertain a storage element-oriented set of said user groups that provide said common rights of access to selected ones of said storage elements; and reporting members of a directory-oriented set and a user-oriented set. | ||
| 地址 | Saddle Brook NJ US | ||